Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Test dependabot.yml only allowing production dependencies #22

Merged
merged 2 commits into from
Oct 4, 2022

Conversation

kienstra
Copy link
Owner

@kienstra kienstra commented Oct 4, 2022

  • Tests if the dependabot.yml configuration works.
  • It doesn't. Dependabot still opened development alerts:

Screen Shot 2022-10-04 at 12 27 26 PM

@kienstra kienstra merged commit bf4c349 into develop Oct 4, 2022
@kienstra kienstra deleted the add/testing-dep branch October 4, 2022 17:26
@kienstra kienstra changed the title See if a development dependency causes a Dependabot alert Test if a development dependency causes a Dependabot alert Oct 4, 2022
ignore:
- dependency-type: "development"
allow:
- dependency-type: "production"
Copy link
Owner Author

@kienstra kienstra Oct 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The previous syntax:

ignore:
      - dependency-type: "development"

…caused a GitHub action error:

The property '#/updates/0/ignore/0' contains additional properties ["dependency-type"] outside of the schema when none are allowed
The property '#/updates/0/ignore/0' did not contain a required property of 'dependency-name'

@kienstra kienstra changed the title Test if a development dependency causes a Dependabot alert Test dependabot.yml only allowing production dependencies Oct 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant